Ratproxy audit report
Generated on: 2008/07/10 22:28
Input file: report.log
NOTE: Not all of the issues reported necessarily
correspond to actual security flaws. Findings should be validated
by manual testing and analysis where appropriate. When in doubt,
contact the author.
Report risk and risk modifier designations:
- LOW to HIGH: Issue urgency classification (composite of impact and identification accuracy)
- INFO: Non-discriminatory entry for further analysis
- ECHO / echo: Query parameters echoed back / not echoed in HTTP response, respectively
- PRED / pred: Request URL or query data likely is / is not predictable to third parties, respectively
- AUTH / auth: Request requires / does not require cookie authentication, respectively
External code inclusion
MIME type mismatch on renderable file
- MEDIUM ECHO PRED auth GET http://localhost:80/cms/stylesheet.php?templateid=17&mediatype=screen ⇒ 200
Response (15240): /* Start of CMSMS style sheet 'Layout: Left sidebar + 1 column' */\n/*****************\r\nbrowsers interpret margin and padding a little differently, \r\nwe'll remove all default padding and margins and\r\nset them later on\r\n******************/\r\n* {\r\nmargin:0;\r\npadding:0;\r\n}\r\n\r\n/*\r\nSet initial font styles\r\n*/\r\nbody {\r\n text-align: left;\r\n font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;\r\n font-size: 75.01%;\r\n line-height: 1em;\r\n color: #385C72; \r\n}\r\n\r\n/*\r\nset font size for all divs,\r\nthis overrides some body rules\r\n*/\r\ndiv {\r\n font-size: 1em;\r\n}\r\n\r\n/*\r\nif img is inside "a" it would have \r\nborders, we don't want that\r\n*/\r\nimg {\r\n border: 0;\r\n}\r\n\r\n/*\r\ndefault link styles\r\n*/\r\n/* set all links to have underline and bluish color */\r\na,\r\na:link \r\na:active {\r\n text-decoration: underline;\r\n/* css validation will give a warning if color is set without background color. this wi...
MIME type: text/css, detected: application/x-javascript, charset: utf-8
References to external active content